From 35d3a6ad5321dd62f07bc95f5abc48c3304fb8d6 Mon Sep 17 00:00:00 2001
From: Victor Seva
Date: Fri, 25 Apr 2014 11:19:35 +0200
Subject: [PATCH] MT#6695 scripts: add generate_ssl_key.sh
---
script/generate_ssl_keys.sh | 9 +++++++
script/opensslcnf.cnf | 51 +++++++++++++++++++++++++++++++++++++
2 files changed, 60 insertions(+)
create mode 100755 script/generate_ssl_keys.sh
create mode 100644 script/opensslcnf.cnf
diff --git a/script/generate_ssl_keys.sh b/script/generate_ssl_keys.sh
new file mode 100755
index 0000000000..1393586b6c
--- /dev/null
+++ b/script/generate_ssl_keys.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+BASE="/usr/share/ngcp-panel/script"
+DEST=${1:-/etc/ngcp-panel/api_ssl}
+
+mkdir -p ${DEST}
+
+/usr/bin/openssl req -x509 -config ${BASE}/opensslcnf.cnf \
+ -newkey rsa:4096 -keyout ${DEST}/api_ca.key -out ${DEST}/api_ca.crt \
+ -days 999 -nodes -batch
diff --git a/script/opensslcnf.cnf b/script/opensslcnf.cnf
new file mode 100644
index 0000000000..0882c97813
--- /dev/null
+++ b/script/opensslcnf.cnf
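Review bot: The CA private key is written unencrypted (`-nodes`) to `${DEST}/api_ca.key` with no permission handling in generate_ssl_keys.sh: both `mkdir -p ${DEST}` and the key file are created under the caller's umask, so with a typical 022 umask the directory is world-traversable and, depending on the OpenSSL version, the key may be world-readable. Add `umask 077` before the `mkdir -p` line, or `chmod 600 "${DEST}/api_ca.key"` after generation if the certificate must stay readable by other users. The expansions are unquoted, so a destination argument containing whitespace or glob characters splits the command; use `mkdir -p "${DEST}"` and quote the `-config`, `-keyout` and `-out` paths. There is also no `set -e` or existence check, so openssl still runs after a failed `mkdir`, and a rerun silently overwrites an existing CA key.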
@@ -0,0 +1,51 @@
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+default_days = 1000 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+x509_extensions = ca_extensions # The extensions to add to the cert
+
+email_in_dn = no # Don't concat the email in the DN
+copy_extensions = copy # Required to copy SANs from CSR to cert
+
+####################################################################
+[ req ]
+default_bits = 4096
+default_keyfile = cakey.pem
+distinguished_name = ca_distinguished_name
+x509_extensions = ca_extensions
+string_mask = utf8only
+
+####################################################################
+[ ca_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AT
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+localityName_default =
+
+organizationName = Organization Name (eg, company)
+organizationName_default = Sipwise GmbH
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = Sipwise GmbH
+
+emailAddress = Email Address
+emailAddress_default = service@sipwise.com
+
+####################################################################
+[ ca_extensions ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always, issuer
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
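Review bot: `[ CA_default ]` sets `x509_extensions = ca_extensions`, so if this file is ever passed to `openssl ca` for signing, every issued certificate would carry `basicConstraints = critical, CA:true` with `keyCertSign`, and `copy_extensions = copy` additionally lets the requester contribute extensions from the CSR. The script added in this commit only calls `req -x509`, so whether the `[ ca ]` sections are used is not visible here. Either drop `[ ca ]`/`[ CA_default ]`, or point `x509_extensions` at a separate end-entity section containing `basicConstraints = CA:false`. For the CA certificate itself, consider `keyUsage = critical, keyCertSign, cRLSign` and, if it only signs leaf certificates, `basicConstraints = critical, CA:true, pathlen:0`. The comments on `default_md = sha256` and `preserve = no` describe the opposite of the values set and should be corrected.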